Returnil Virtual System 2010 Home Lux

Virtualization protects file system and Registry from change. Reboot to restore. Offers many options to save files that should survive reboot. Can block execution of all new programs. Includes real-time malware protection and on-demand antivirus scanner.

Cons

Antivirus scanner recognized few malware threats in testing. Didn't thoroughly clean up those it did detect. Poor real-time antivirus protection. Virtualization can wipe out valid updates and changes if the user isn't careful.

Bottom Line

With virtualization app Returnil installed, malware can't permanently damage your PCrebooting wipes out all changes. Since malicious programs can transmit private information before you reboot, Returnil includes antivirus. However, in testing it proved worthless. Get the Home Classic edition with no antivirus and add better AV from another vendor.

When you install a virtualization-based security utility, every day is Groundhog Day for your computer. Each time you reboot the system goes back to its known good state and any malicious changes vanish as if they never existed. Returnil Virtual System 2010 Home Classic is an effective example of this type of utility, and one that I reviewed in depth (and liked). Home Classic's for-pay cousin Returnil Virtual System 2010 Home Lux ($39.95 direct) has all the same features but adds antivirus protection which unfortunately is a total dud.

With Returnil, I had none of the installation problems that often plague security software. Perhaps the malware that fights back hasn't yet chosen to fight Returnil? Installation went fairly quickly and the initial update finished in a flash. As described in my review of the Home Classic edition, the virtualization system correctly wiped out all malware on reboot while still allowing numerous ways to save specific files to the real disk where they'll survive a reboot. That facet of the program works very well, so for Returnil Home Lux, I moved on to testing the antivirus addendum.

Attempting System Cleanup
At reboot, Returnil flushes away all changes that happened in the file system and Registry, bringing your computer back to its original state. But what if it was already infected? Clearly it's important to start with a clean system.

The Home Lux edition reviewed here includes a full antivirus scanner along with real-time protection against malware. It scans fairly quicklyabout twelve minutes on my standard clean test system. But, hey! Any program can be fast if it doesn't do anything, and Returnil's antivirus scan does close to nothing.

In my malware removal, test Returnil detected barely half the threats and failed to remove most of what it did find. On one system with four known threats installed, it declared "No malware found." The malware cleanup module is just dreadful. Malwarebytes' Anti-Malware 1.46 (Free, ), Norton AntiVirus 2010 ($39.99 direct, ), and Spyware Doctor with AntiVirus 2010 ($39.95 direct, ) all scored at least 7.1 of 10 points for malware removal using my current malware collection. On this same test Returnil scored a dismal 3.0 points. The only product ever to score lower (with last year's malware collection) was FortiClient Endpoint Security Standard Edition 4.1 (Free, ), with 2.9 points.

Returnil scored 2.1 for removal of commercial keyloggers and 1.0 for removal of rootkits. The few rootkits it detected were still running after its alleged removal. Its scareware removal score of 3.6 is fractionally better than its other scores but nowhere near good. Malwarebytes scored 8.1 in the scareware removal test. For more information about my testing read How We Test Anti-Malware.

Limp Malware Protection
To test the real-time malware protection, I attempted to re-download my current malware collection. Returnil doesn't do any blocking at the URL level, but its real-time quarantine kicked in for about half of the files during the download process. Even when I clicked the "Quarantine Now" button it did not always halt the download, but it did prevent launching the downloaded program.

When I opened a folder containing copies of the malware samples that I had downloaded earlier Returnil recognized a little over a third of them. Malwarebytes, Norton and Spyware Doctor all detected around twice that many on sight. I didn't always get a popup window with a "Quarantine Now" buttonin some cases, I had to go into the program's Messages window and actively click an icon to quarantine the found items. If you see an animated envelope in the Messages area you should always review the new items, just in case.

Quite a few samples remained after Returnil's initial spate of real-time recognition. I launched each of those to see if Returnil would prevent it from installing. More specifically, I launched three or four samples at a time, ran my analysis tools to verify what traces got installed, and then rebooted to discard the changes. In every case Returnil successfully wiped out all the changes which was, in one sense, a mixed blessing. Rebooting restored all of the detected-on-sight threats that had been quarantined, requiring Returnil to detect and quarantine them again, and again, and again.

Just considering the product's behavior before rebooting, Returnil scored a little better in malware blocking than it did in malware removal; 5.3 points as opposed to 3.0. But both Norton and Spyware Doctor scored 8.4 on this test. As with the removal test, Returnil scored a little better when against scarewareit got 6.7 points. That's still lower than the rest, though. Malwarebytes scored 8.9 against scareware. And Returnil's scores of 2.5 and 2.1 against keyloggers and rootkits are just dismal. It did detect almost half of the rootkit samples, but all but one of those managed to install its rootkit technology despite allegedly being quarantined by Returnil.

I'll say again that every single threat was properly wiped out upon rebooting the system. Virtualization works! But there's a purpose to the real-time antivirus protection too. A malicious program that manages to install on your system can interact with its home server, sending out your personal information or (at least until reboot) converting your system into a spam-spewing zombie. The real-time antivirus protection supplied by Returnil won't actually prevent that. For more information about my testing read How We Test Anti-Malware.

A combination of virtualization-based security and traditional antivirus should protect your PC against most threats, as long as the traditional antivirus does its job well. Returnil's doesn't, not at all. Don't pay the extra $10 for the Home Lux editionget the Home Classic edition and add antivirus software that's proved itself in testing.

PCMag may earn affiliate commissions from the shopping links included on this page. These commissions do not affect how we test, rate or review products. To find out more, read our complete terms of use.

Neil Rubenking served as vice president and president of the San Francisco PC User Group for three years when the IBM PC was brand new. He was present at the formation of the Association of Shareware Professionals, and served on its board of directors. In 1986, PC Magazine brought Neil on board to handle the torrent of Turbo Pascal tips submitted by readers. By 1990, he had become PC Magazine's technical editor, and a coast-to-coast telecommuter. His "User to User" column supplied readers with tips...
More »